MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

add Muhstik botnet

pull/200/head
Deborah Servili 2018-04-23 09:26:28 +02:00
parent ecf2d0848d
commit 6bf2004bd5
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
clusters/botnet.json
View File

@ -541,6 +541,16 @@
]
},
"uuid": "383fd414-3805-11e8-ac12-c7b5af38ff67"
},
{
"value": "Muhstik",
"description": "The botnet is exploiting the CVE-2018-7600 vulnerability —also known as Drupalgeddon 2— to access a specific URL and gain the ability to execute commands on a server running the Drupal CMS.\nAt the technical level, Netlab says Muhstik is built on top of Tsunami, a very old strain of malware that has been used for years to create botnets by infecting Linux servers and smart devices running Linux-based firmware.\nCrooks have used Tsunami initially for DDoS attacks, but its feature-set has greatly expanded after its source code leaked online.\nThe Muhstik version of Tsunami, according to a Netlab report published today, can launch DDoS attacks, install the XMRig Monero miner, or install the CGMiner to mine Dash cryptocurrency on infected hosts. Muhstik operators are using these three payloads to make money via the infected hosts.",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/big-iot-botnet-starts-large-scale-exploitation-of-drupalgeddon-2-vulnerability/"
]
},
"uuid": "8364b00c-46c6-11e8-a78e-9bcc5609574f"
}
],
"name": "Botnet",
@ -551,5 +561,5 @@
],
"description": "botnet galaxy",
"uuid": "a91732f4-164a-11e8-924a-ffd4097eb03f",
"version": 2
"version": 3
}